misp-training/a.10-galaxy-2.0/content.tex

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.

\begin{frame}[t,plain]
\titlepage
\end{frame}

\begin{frame}
    \frametitle{Outline of the presentation}
    \begin{itemize}
        \item Present the features available for Sharing \textit{galaxy clusters}
        \item Look at the internals of what changed in the datamodel and MISP's behaviors
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{MISP Galaxy 2.0}
    Galaxy 2.0 introduces various new features for \textit{Galaxies} and their \textit{Clusters} allowing:
    \begin{itemize}
        \item Creation of \textbf{custom} \textit{Clusters}
        \item \textbf{ACL} on \textit{Clusters}
        \item \textbf{Connection} of \textit{Clusters} via \textit{Relations}
        \item \textbf{Synchronization} to connected instances.
        \item \textbf{Visualization} of forks and relationships
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Default Galaxy clusters}
    {\bf Default} {\it Galaxy cluster} 
    \begin{itemize}
        \item Coming from the \texttt{misp-galaxy} repository\footnote{\url{https://github.com/MISP/misp-galaxy}}
        \item Cannot be edited
        \begin{itemize}
            \item Only way to provide modification is to modify the stored JSON or to open a pull request
            \item Are not synchronized
            \item Source of trust
        \end{itemize}
        \item Restrictions propagate to their children (\texttt{Galaxy cluster elements}, \texttt{Cluster relationships})
    \end{itemize}

    \vspace{0.5em}
    {\bf Custom} {\it Galaxy cluster} 
    \begin{itemize}
        \item Can be created via the UI or API
        \item Belongs to an organisation
        \begin{itemize}
            \item Fully editable
            \item Are synchronized
        \end{itemize}
    \end{itemize}
\end{frame}


\begin{frame}
    \frametitle{MISP Galaxy 2.0 - Comparison with prior version}
    \textit{Clusters} and \textit{Relations} can be edited.
    \begin{itemize}
        \item New \textit{Clusters} fields
        \begin{itemize}
            \item \texttt{distribution}, \texttt{sharing\_group\_id}
            \item \texttt{org\_id}, \texttt{orgc\_id}
            \item \texttt{locked}, \texttt{published}, \texttt{deleted}
            \item \texttt{default}
            \begin{itemize}
                \item \textit{Clusters} coming from the \texttt{misp-galaxies} repository are marked as default
                \item Not synchronized
            \end{itemize}
            \begin{itemize}
                \item Same purpose as \textit{Event}'s \texttt{locked} field
            \end{itemize}
            \item \texttt{extends\_uuid}
            \begin{itemize}
                \item Point to the \textit{Cluster} that has been forked
            \end{itemize}
            \item \texttt{extends\_version}
            \begin{itemize}
                \item Keep track of the \textit{Cluster} version that has been forked
            \end{itemize}
        \end{itemize}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{MISP Galaxy 2.0 - Others changes}
    \begin{itemize}
        \item \textit{Role} \texttt{perm\_galaxy\_editor}
        \item Relations also have a \texttt{distribution} and can have \textit{Tags}
        \item Synchronization servers have 2 new flags
        \begin{itemize}
            \item \texttt{pull\_galaxy\_clusters}
            \item \texttt{push\_galaxy\_clusters}
        \end{itemize}
        \item Clusters \texttt{blocklist}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Features in depth: CRUD}
    \begin{itemize}
        \item Standard CRUD
        \item Soft and Hard deletion
        \item Publishing
        \item Update forked cluster to keep it synchronized with its parent
        \item ACL on the \textit{Cluster} itself, not on its tag
        \begin{itemize}
            \item \texttt{misp-galaxy:{\color{blue} galaxy-type}="{\color{red} cluster UUID}"}
            \item \texttt{\tiny misp-galaxy:{\color{blue} mitre-attack-pattern}="{\color{red} e4932f21-4867-4de6-849a-1b11e48e2682}"}
        \end{itemize}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Features in depth: Visualization}
    Tree view of forked Clusters
    \includegraphics[scale=0.5]{pics/cluster-forks}
    \vspace{0.5em}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pics/cluster-forks-tree}
    \end{center}
\end{frame}

\begin{frame}
    \frametitle{Features in depth: Visualization}
    Tree and network views for Relations between Clusters
    \vspace{0.5em}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pics/cluster-relations}
    \end{center}
\end{frame}

\begin{frame}
    \frametitle{Features in depth: Visualization}
    Tree and network views for Relations between Clusters
    \includegraphics[width=1.0\linewidth]{pics/cluster-relations-tree}
\end{frame}

\begin{frame}
    \frametitle{Galaxy cluster elements}
    Hasn't been touched: Still a key-value stored. But new feature have been added\footnote{Will be included in next release}
    \vspace{0.5em}

    Tabular view
    \begin{itemize}
        \item Allows you to browse {\bf cluster elements} like before
    \end{itemize}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pics/tabular-view.png}
    \end{center}
\end{frame}

\begin{frame}
    \frametitle{Galaxy cluster elements}
    JSON view
    \begin{itemize}
        \item Allows you to visualisation {\bf cluster element} in a JSON structure
        \item Allows you to convert any JSON into {\bf cluster elements} enabling searches and correlations
    \end{itemize}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pics/json-view.png}
    \end{center}
\end{frame}

\begin{frame}
    \frametitle{Synchronization in depth}
    Has its own synchronization mechanism which can be enabled with the \texttt{pull\_galaxy\_cluster} and \texttt{push\_galaxy\_cluster} flags
    \vspace{0.5em}
    \begin{itemize}
        \item \textbf{Pull All}: Pull all remote Clusters (similar to event's pull all)
        \item \textbf{Pull Update}: Update local Clusters (similar to event's pull update)
        \item \textbf{Pull Relevant}: Pull missing Clusters based on local Tags
        \item \textbf{Push}: Triggered whenever a Cluster is published or via standard push
    \end{itemize}
\end{frame}
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`% DO NOT COMPILE THIS FILE DIRECTLY!`
			`% This is included by the other .tex files.`

			`\begin{frame}[t,plain]`
			`\titlepage`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Outline of the presentation}`
			`\begin{itemize}`
			`\item Present the features available for Sharing \textit{galaxy clusters}`
			`\item Look at the internals of what changed in the datamodel and MISP's behaviors`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{MISP Galaxy 2.0}`
			`Galaxy 2.0 introduces various new features for \textit{Galaxies} and their \textit{Clusters} allowing:`
			`\begin{itemize}`
			`\item Creation of \textbf{custom} \textit{Clusters}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item \textbf{ACL} on \textit{Clusters}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\item \textbf{Connection} of \textit{Clusters} via \textit{Relations}`
			`\item \textbf{Synchronization} to connected instances.`
			`\item \textbf{Visualization} of forks and relationships`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\frametitle{Default Galaxy clusters}`
			`{\bf Default} {\it Galaxy cluster}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Coming from the \texttt{misp-galaxy} repository\footnote{\url{https://github.com/MISP/misp-galaxy}}`
			`\item Cannot be edited`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Only way to provide modification is to modify the stored JSON or to open a pull request`
			`\item Are not synchronized`
			`\item Source of trust`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Restrictions propagate to their children (\texttt{Galaxy cluster elements}, \texttt{Cluster relationships})`
			`\end{itemize}`

			`\vspace{0.5em}`
			`{\bf Custom} {\it Galaxy cluster}`
			`\begin{itemize}`
			`\item Can be created via the UI or API`
			`\item Belongs to an organisation`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Fully editable`
			`\item Are synchronized`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\end{itemize}`
			`\end{frame}`


			`\begin{frame}`
			`\frametitle{MISP Galaxy 2.0 - Comparison with prior version}`
			`\textit{Clusters} and \textit{Relations} can be edited.`
			`\begin{itemize}`
			`\item New \textit{Clusters} fields`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item \texttt{distribution}, \texttt{sharing\_group\_id}`
			`\item \texttt{org\_id}, \texttt{orgc\_id}`
			`\item \texttt{locked}, \texttt{published}, \texttt{deleted}`
			`\item \texttt{default}`
			`\begin{itemize}`
			`\item \textit{Clusters} coming from the \texttt{misp-galaxies} repository are marked as default`
			`\item Not synchronized`
			`\end{itemize}`
			`\begin{itemize}`
			`\item Same purpose as \textit{Event}'s \texttt{locked} field`
			`\end{itemize}`
			`\item \texttt{extends\_uuid}`
			`\begin{itemize}`
			`\item Point to the \textit{Cluster} that has been forked`
			`\end{itemize}`
			`\item \texttt{extends\_version}`
			`\begin{itemize}`
			`\item Keep track of the \textit{Cluster} version that has been forked`
			`\end{itemize}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{MISP Galaxy 2.0 - Others changes}`
			`\begin{itemize}`
			`\item \textit{Role} \texttt{perm\_galaxy\_editor}`
			`\item Relations also have a \texttt{distribution} and can have \textit{Tags}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Synchronization servers have 2 new flags`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
			`\item \texttt{pull\_galaxy\_clusters}`
			`\item \texttt{push\_galaxy\_clusters}`
			`\end{itemize}`
			`\item Clusters \texttt{blocklist}`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Features in depth: CRUD}`
			`\begin{itemize}`
			`\item Standard CRUD`
			`\item Soft and Hard deletion`
			`\item Publishing`
			`\item Update forked cluster to keep it synchronized with its parent`
			`\item ACL on the \textit{Cluster} itself, not on its tag`
			`\begin{itemize}`
			`\item \texttt{misp-galaxy:{\color{blue} galaxy-type}="{\color{red} cluster UUID}"}`
			`\item \texttt{\tiny misp-galaxy:{\color{blue} mitre-attack-pattern}="{\color{red} e4932f21-4867-4de6-849a-1b11e48e2682}"}`
			`\end{itemize}`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Features in depth: Visualization}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`Tree view of forked Clusters`
			`\includegraphics[scale=0.5]{pics/cluster-forks}`
			`\vspace{0.5em}`
			`\begin{center}`
			`\includegraphics[width=1.0\linewidth]{pics/cluster-forks-tree}`
			`\end{center}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Features in depth: Visualization}`
			`Tree and network views for Relations between Clusters`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\vspace{0.5em}`
			`\begin{center}`
			`\includegraphics[width=1.0\linewidth]{pics/cluster-relations}`
			`\end{center}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Features in depth: Visualization}`
			`Tree and network views for Relations between Clusters`
			`\includegraphics[width=1.0\linewidth]{pics/cluster-relations-tree}`
			`\end{frame}`

			`\begin{frame}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\frametitle{Galaxy cluster elements}`
			`Hasn't been touched: Still a key-value stored. But new feature have been added\footnote{Will be included in next release}`
			`\vspace{0.5em}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`Tabular view`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Allows you to browse {\bf cluster elements} like before`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\begin{center}`
			`\includegraphics[width=1.0\linewidth]{pics/tabular-view.png}`
			`\end{center}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{frame}`

			`\begin{frame}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\frametitle{Galaxy cluster elements}`
			`JSON view`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item Allows you to visualisation {\bf cluster element} in a JSON structure`
			`\item Allows you to convert any JSON into {\bf cluster elements} enabling searches and correlations`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\begin{center}`
			`\includegraphics[width=1.0\linewidth]{pics/json-view.png}`
			`\end{center}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{frame}`

			`\begin{frame}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\frametitle{Synchronization in depth}`
			`Has its own synchronization mechanism which can be enabled with the \texttt{pull\_galaxy\_cluster} and \texttt{push\_galaxy\_cluster} flags`
			`\vspace{0.5em}`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\begin{itemize}`
chg: [galaxy-2.0] Updated presentation 2020-12-16 13:07:05 +01:00			`\item \textbf{Pull All}: Pull all remote Clusters (similar to event's pull all)`
			`\item \textbf{Pull Update}: Update local Clusters (similar to event's pull update)`
			`\item \textbf{Pull Relevant}: Pull missing Clusters based on local Tags`
			`\item \textbf{Push}: Triggered whenever a Cluster is published or via standard push`
new: [galaxy2.0] Added draft of the feature 2020-09-29 18:35:51 +02:00			`\end{itemize}`
			`\end{frame}`